Vulnerability Management Process


* #4 of SANS Critical Security Controls


Related to:
* #1 of SANS Critical Security Controls
* #2 of SANS Critical Security Controls
VM & QualysGuard in Agrokor Group: since 2006
* Started with hundreds of assets; now thousands of IT assets are in VM
Key challenges

* VM workflow
* RACI matrix
* IT asset management in VM
* Remediation policy
* Visibility of VM process
* Accuracy of VA scans
Source: SANS 20 Critical Controls 4.1
RACI matrix

IT assets management in VM

VM Policy
[Screenshot: QualysGuard Vulnerability Management console, Remediation tab, "Open Tickets" view (1-20 of 151 tickets modified within the last 30 days). Columns: Ticket #, State, DNS Hostname, NetBIOS Hostname, Severity, QID, Vulnerability Title, Owner, Modified, Created, Resolved. Ticket filters: Open, Resolved, Closed/Ignored, Closed/Fixed, Overdue. Tickets legible in the capture (host, port, severity, QID, title):]

172.16.0.189   443   sev 3   QID 12680   HTTP TRACE / TRACK Methods Enabled
(unreadable)   -     sev 3   QID 38140   SSL Server Supports Weak Encryption Vulnerability
172.16.0.221   80    sev 3   QID 87244   Apache Tomcat JavaDoc Spoofing Vulnerability
172.16.0.130   3389  sev 3   QID 90883   Windows Remote Desktop Protocol Uses Weak Private Key
172.16.0.130   3389  sev 3   QID 90882   Windows Remote Desktop Protocol Weak Encryption Method Allowed
172.16.0.144   -     sev 3   QID 70001   NetBIOS Shared Folder List Available
172.16.0.144   -     sev 3   (unreadable) Microsoft Remote Desktop Service Not Using Additional Encryption
172.16.0.144   -     sev 3   QID 90883   Windows Remote Desktop Protocol Uses Weak Private Key
Sharing Best Practice

* Define a sustainable VM policy
* Address all exceptions from the policy
* Automate VM activities
* Be careful with VM process role definitions
* Delegate responsibilities
* Improve accuracy: use authenticated scans
This does not exist!